Hi David,

David Lutterkort wrote:
> Yeah, that's what that means. Here's a dirty trick to check multiple
> conditions:

Your assistance so far has been awesome. If I had more time to play, I'm 
sure I could solve this in time, but I'm being hammered by the security 
teams and I need to get a solution onto our servers as soon as possible.

I'm trying to check/change /etc/pam.d/system-auth

The initial (default set) lines look like this:

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok

I want to change them to this (result set):

password    requisite     pam_cracklib.so retry=3 lcredit=1 ucredit=1 dcredit=1 ocredit=1
password    sufficient    pam_unix.so md5 shadow try_first_pass use_authtok remember=7

Essentially, I need to check if the lines match the result set and if 
not, to make the change. I'm happily able to make the proper changes, 
using the following (using the first line as an example):

changes => [ "rm *[module='pam_cracklib.so'][type='password']/argument",
"set *[module='pam_cracklib.so'][type='password']/argument[1] retry=3",
"set *[module='pam_cracklib.so'][type='password']/argument[2] lcredit=1",
"set *[module='pam_cracklib.so'][type='password']/argument[3] ucredit=1",
"set *[module='pam_cracklib.so'][type='password']/argument[4] dcredit=1",
"set *[module='pam_cracklib.so'][type='password']/argument[5] ocredit=1"],

But I'm really struggling with the onlyif line to check that all the 
arguments are in place, the correct value and there are no extras. I'm 
able to test individual argument values and the overall count, but I 
seem unable to build a full match that checks everything at once, i.e. 
checks each of the first five argument values and ensures that there are 
only 5 arguments total.

I hate stretching the friendship, but any assistance would be appreciated!

Thanks,
Avi
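
The check asked about in this message (every argument present, in order, with no extras), as an added example that is not part of the original post and does not use Puppet or Augeas: a standalone Python audit of the two password rules. The function names and the sample string are constructed here from the lines quoted in the message.

```python
import os

# Result set from the message: (type, module) -> exact ordered argument list.
DESIRED = {
    ("password", "pam_cracklib.so"):
        ["retry=3", "lcredit=1", "ucredit=1", "dcredit=1", "ocredit=1"],
    ("password", "pam_unix.so"):
        ["md5", "shadow", "try_first_pass", "use_authtok", "remember=7"],
}

# Constructed sample: the default lines quoted in the message, unwrapped.
DEFAULT_SET = """\
password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
"""

def parse_pam(text):
    """Return [(type, control, module, [arguments])] for each rule line."""
    rules = []
    for raw in text.replace("\\\n", " ").splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 3:
            continue  # blank line, comment, or not a rule
        i = 1
        # A bracketed control, e.g. [success=1 default=ignore], spans tokens.
        if tok[i].startswith("["):
            while not tok[i].endswith("]") and i < len(tok) - 1:
                i += 1
        if i + 1 >= len(tok):
            continue  # no module field
        rules.append((tok[0], " ".join(tok[1:i + 1]),
                      os.path.basename(tok[i + 1]), tok[i + 2:]))
    return rules

def audit(text):
    """Map each desired rule to 'ok', 'absent', or its argument drift."""
    # Lists are compared exactly, so extras and reordering both count as drift.
    found = {(t, m): args for t, _c, m, args in parse_pam(text)}
    report = {}
    for key, want in DESIRED.items():
        have = found.get(key)
        if have is None or have == want:
            report[key] = "absent" if have is None else "ok"
        else:
            report[key] = {"unexpected": [a for a in have if a not in want],
                           "missing": [a for a in want if a not in have]}
    return report

if __name__ == "__main__":
    print(audit(DEFAULT_SET))
```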
